An open API service providing repository metadata for many open source software ecosystems.

GitHub topics: lsass

fortra/nanodump

The swiss army knife of LSASS dumping

Language: C - Size: 14.9 MB - Last synced at: 6 days ago - Pushed at: 8 months ago - Stars: 1,926 - Forks: 250

ricardojoserf/TrickDump

Dump lsass using only NTAPI functions creating 3 JSON and 1 ZIP file... and generate the MiniDump file later!

Language: C# - Size: 615 KB - Last synced at: 14 days ago - Pushed at: 14 days ago - Stars: 452 - Forks: 51

bac123456789000/lsass-memory-scraping

The case illustrates the power of structured host-based triage — beginning with logs and EDR, and moving through file inspection, RAM capture, and finally, network artifact confirmation.

Language: Jupyter Notebook - Size: 31.3 KB - Last synced at: 18 days ago - Pushed at: 18 days ago - Stars: 0 - Forks: 0

ricardojoserf/NativeDump

Dump lsass using only NTAPI functions by hand-crafting Minidump files (without MiniDumpWriteDump!!!)

Language: C# - Size: 319 KB - Last synced at: 18 days ago - Pushed at: 18 days ago - Stars: 588 - Forks: 87

Compcode1/lsass-memory-scraping

The case illustrates the power of structured host-based triage — beginning with logs and EDR, and moving through file inspection, RAM capture, and finally, network artifact confirmation.

Language: Jupyter Notebook - Size: 40 KB - Last synced at: 19 days ago - Pushed at: 19 days ago - Stars: 0 - Forks: 0

JaroMarko/LSASS-Hash-Extractor

A Python tool to extract NTLM or SHA1 hashes from Mimikatz output, save them in sanitized files, and organize them into a specified directory.

Language: Python - Size: 0 Bytes - Last synced at: 2 months ago - Pushed at: 2 months ago - Stars: 0 - Forks: 0

CCob/MirrorDump

Another LSASS dumping tool that uses a dynamically compiled LSA plugin to grab an lsass handle and API hooking for capturing the dump in memory

Language: C# - Size: 836 KB - Last synced at: about 2 months ago - Pushed at: about 4 years ago - Stars: 262 - Forks: 60

jkerai1/WindowsHardeningScripts

Windows Hardening PowerShell Scripts

Language: PowerShell - Size: 279 KB - Last synced at: 3 months ago - Pushed at: 3 months ago - Stars: 14 - Forks: 1

EvanDesR/removingLSASS_ProcessProtection

Kernel-mode program removing LSASS.exe's process protection, allowing mimikatz and other memory dumpers to extract Windows credentials.

Language: C++ - Size: 9.77 KB - Last synced at: 3 months ago - Pushed at: 3 months ago - Stars: 0 - Forks: 0

TheKingOfDuck/hashdump

Dumping Windows Local Credentials Tools/Tricks

Language: PowerShell - Size: 16.6 MB - Last synced at: about 1 month ago - Pushed at: about 5 years ago - Stars: 68 - Forks: 26

kindtime/nosferatu

Windows NTLM Authentication Backdoor

Language: C++ - Size: 964 KB - Last synced at: 4 months ago - Pushed at: 4 months ago - Stars: 234 - Forks: 46

keowu/WinHandKill

A plugin for x64dbg that allows you to hook the Local Security Authority Subsystem Service process to extract all possible TLS (on handshake, import, export or generate) keys from the operating system, using the SeDebugPrivilege escalation to make malware analysis faster and easier.

Language: CMake - Size: 3.33 MB - Last synced at: 3 months ago - Pushed at: 11 months ago - Stars: 8 - Forks: 3

Hagrid29/DuplicateDump

Dumping LSASS with a duplicated handle from custom LSA plugin

Language: C# - Size: 8.11 MB - Last synced at: 6 months ago - Pushed at: about 3 years ago - Stars: 199 - Forks: 22

aas-n/spraykatz

Credentials gathering tool automating remote procdump and parsing of the lsass process.

Language: Python - Size: 21 MB - Last synced at: 6 months ago - Pushed at: almost 5 years ago - Stars: 753 - Forks: 122

okankurtuluss/LSASSExtractor

LSASSExtractor is a lightweight tool designed to capture memory dumps of the LSASS process on Windows systems. By leveraging the Windows API, it locates the target process and creates a memory dump, which can be analyzed to extract sensitive information such as passwords, encryption keys, and authentication tokens.

Language: C++ - Size: 350 KB - Last synced at: 9 months ago - Pushed at: 9 months ago - Stars: 0 - Forks: 0

FOGSEC/SafetyKatz (fork of GhostPack/SafetyKatz)

SafetyKatz is a combination of a slightly modified version of @gentilkiwi's Mimikatz project and @subtee's .NET PE Loader

Language: C# - Size: 272 KB - Last synced at: over 1 year ago - Pushed at: almost 7 years ago - Stars: 3 - Forks: 0

Retr0-code/hash-dumper

Windows NTLM hash dump utility written in C that supports Windows and Linux. Hashes can be dumped in real time or from already saved SAM and SYSTEM hives.

Language: C - Size: 127 KB - Last synced at: over 1 year ago - Pushed at: over 1 year ago - Stars: 6 - Forks: 0

zodi4cx/OpenSesame

A bootkit to bypass Windows login (WIP)

Language: Rust - Size: 64.5 KB - Last synced at: over 1 year ago - Pushed at: over 1 year ago - Stars: 0 - Forks: 0

cl4ym0re/sysMiniDumpWD

An lsass dump tool using the MiniDumpWriteDump & syscall (NtOpenProcess) technique. Only tested on Windows 11 with Defender enabled :-)

Language: C - Size: 50 MB - Last synced at: over 1 year ago - Pushed at: over 1 year ago - Stars: 10 - Forks: 2

ricardojoserf/lsass-dumper

Dump lsass.exe generating a file with the hostname and date in txt format using C++.

Language: C++ - Size: 23.4 KB - Last synced at: about 1 year ago - Pushed at: over 3 years ago - Stars: 4 - Forks: 1

xiosec/LeakGuard

LeakGuard is a project to prevent the use of leaked passwords.

Language: Go - Size: 221 KB - Last synced at: about 2 months ago - Pushed at: almost 2 years ago - Stars: 3 - Forks: 0

REVRBE/lsass-cleaning

lsass.exe string clean-up (skript.gg) needs fixing (leaves two traces)

Language: C++ - Size: 7.81 KB - Last synced at: almost 2 years ago - Pushed at: almost 2 years ago - Stars: 0 - Forks: 0

jbaines-r7/dellicious

Enable / Disable LSA Protection via BYOVD

Language: C++ - Size: 1.62 MB - Last synced at: about 2 years ago - Pushed at: over 3 years ago - Stars: 29 - Forks: 6

lassehauballe/Shellcode-Minidumpwritedump

Shellcode for creating a minidump file of the lsass.exe process.

Language: Python - Size: 129 KB - Last synced at: about 2 years ago - Pushed at: over 2 years ago - Stars: 5 - Forks: 1

saif-mahmud/Crypto-Lab

CSE 4118 Cryptography and Security Lab

Language: C++ - Size: 19.1 MB - Last synced at: about 2 years ago - Pushed at: over 5 years ago - Stars: 5 - Forks: 0